Geek Answers Handbook

Verify user input or

We allow users to search for a database from a single text input, and I am having difficulty filtering some user strings.

For example, if the user sends:

          lcd SONY

(Pay attention to?) I need to cancel the search.

I include a base64 encoded version of the above line so that it starts easily:

 print(base64_decode("1MfLxc/RwdPHIGxjZCBTT05Z"));

I ignored such inputs before, but now (not sure why) I just realized that the mysql database query takes almost all the time to execute this, so now it has high priority.

Another example, to emphasize that we use utf-8 and mb_detect_encoding, does not help much:

 print(base64_decode("zqDOm8+Fzr3PhM63z4HOuc6/IM+Bzr/Phc+HzyU=")); ΠΛυντηριο ρουχ %

So:

  • How can I identify / filter these inputs?
  • how is this input generated?
+6
filter php validation unicode detect
source share
2 answers

You should not do this, although if you really want to filter (which I do not recommend), do a check for alphanumeric as well as "-." etc.

You can use some of these functions to help you in the filtering process.

http://www.php.net/manual/en/function.ctype-alnum.php

+1
source share

If you execute these queries after creating a connection to mysql, it should handle utf-8 input and the results are just fine without spitting out. '.

 mysql_query("SET character_set_client=utf8", $mysqlConn); mysql_query("SET character_set_connection=utf8", $mysqlConn); mysql_query("SET character_set_results=utf8", $mysqlConn);

(assuming the database is installed on utf-8, and you do not mind filtering them if they do not convert?) s

(also assuming you are using mysql, other dbms probably have similar functions)

0
source share

More articles:


All Articles